GoldFinder Malware
The GoldFinder Malware is a very simple cyber-threat whose development and use are attributed to the cybercrime group known as Nobelium or Solarigate. The group's most notorious attack targeted the SolarWinds software vendor, but it has previously been involved in other attack campaigns against US-based companies and individuals. The GoldFinder Malware was usually employed alongside other notable Nobelium APT implants such as the GoldMax Malware.
While the latter possesses features typical of backdoor Trojans, the GoldFinder Malware is far simpler. It is also written in the Go language, but its sole purpose is to track HTTP traffic on the compromised device and to monitor for any out-of-place proxy servers and redirects. This may allow the GoldFinder Malware's operators to identify controlled environments used for malware research, since researchers might try to isolate the traffic generated by the GoldMax Malware or similar implants. Basically, the GoldFinder Malware is meant to make sure that GoldMax's activities stay under the radar for as long as possible.
It is likely that the GoldMax Malware will self-terminate if the GoldFinder Malware reports anything out of the ordinary. Advanced Persistent Threat (APT) groups often use multiple implants to make sure that the execution of their primary payload is not hindered, and the GoldFinder Malware appears to serve a similar purpose. All of the Nobelium APT's malware is identifiable and removable with the use of updated anti-virus products.